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SOFTWARE-GENERATED MACHE^ mENTIFIER 
FIELD OF THE INVENTION 

5 

This invention relates to the field of computing devices, and in particular 
to the creation of a tamper-resistant machine identification code. 

BACKGROUND OF THE INVENTION 

10 

In many computing applications, it is often necessary or desirable to use 
a code that uniquely identifies a device. For example, in Digital Rights Management 
(DRM) systems, which enforce rights to content (e.g., audio, video, text, software, 
etc.), the rights are typically tied to a particular device (i.e., the content is usable only 

15 on a particular device), in which case it is necessary or convenient to identify the device 
by a unique (or substantially unique) identification code. 

In cases where a device is manufactured for this purpose, many 
hardware techniques exist for ensuring that the device is identifiable by a unique, 
tmalterable machine identification (MID). For exan^le, an MID is usually placed in 

20 hardware in a tamper-resistant way (such as by burning the MID mto the device's 
processor or into a built-in ROM, non-erasably encoding the MID on a built-in disk, 
using a smart card dongle, or using permanent electronic serial numbers encoded on the 
device's components, etc.). 

Many devices, however, do not have a built-in imique MID, or hardware 

25 from which one can be derived. For example, most handheld computers (e.g., 

PocketPC computers, Palm computers, etc.) are built from identical hardware that has 
no built-in unique identifiers. In such cases, it may be necessary to uniquely identify 
such a device, even if the device does not have any built-in unique identifiers. 

Most software approaches to creating an MID yield an MID that can be 

30 altered, duplicated or set by a device's user, making these MIDs untenable for security 
use. An MID that can be changed without detection invites "spoofing" of the device 
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that the MID is supposed to identify, thus allowing an interloper to obtain access to data 
or use of software that is supposed to be restricted to one device having a particular 
MID. Conventional software-based MIDs typically have the drawback that the software 
that creates them generally duplicates the same MID if the software is simply nm again 

5 on the same machine or on a different machine, allowing anyone who obtains the 
software to spoof the MID. Other deficiencies in software-created MIDs are their 
inability to survive a warm-boot (i.e., where the operating system (0/S) is restarted, 
but user data is not erased), and lack of techniques for using an MED in a manner that 
allows a change in the MID by a nefarious user to be detected. 

10 The present invention overcomes the drawbacks of the prior art. 

SUMMARY OF THE INVENTION 
A system and method for generating a tanker-resistant machine identifier 
(MID) is disclosed. An MID generated by the mvention is persistent across a warm- 

15 boot, is pseudo-random in nature and may be queried by user software, but can not be 
successfully set or changed by user software. 

An exemplary computing device has a file system that assigns a unique 
number (called an object identifier) to every "object" - e.g., a file block, a database 
record, or a registry entry, etc. When such an object is created, the memory 

20 location(s) allocated for the object become unavailable. Each object has an "object 
identifier" that describes (or equals) its starting memory location. When an object is 
deleted, the object identifier associated with the deleted file, database record or registry 
entry is placed on a list of available object identifiers. After sufficient time has passed 
following a cold boot (and, presumably, sufficient file system activity has occurred) to 

25 allow some randomness in the objects that have been allocated and de-allocated, a 
dummy database is created with a number of empty records. A random number 
generator is used to randomly delete and optionally create records in the dummy 
database. As time passes and records are allocated and de-allocated, the randonmess of 
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the list of available object locations increases. In a typical implementation of the file 
system, memory is "recycled" by fulfilling memory requests fi-om the list of 
previously-de-allocated memory locations. 

After sufficient time has passed, a file with a specified nvmiber of blocks 

5 is created. The object identifiers of the blocks axe concatenated together to create an 
MID. The created file is filled with a program (an "MID-dependent program") whose 
usage is to be tied to the MID. The program is specially created for a particular MID, 
and the MID is embedded within the program. The program includes code that checks 
to see if the MID embedded within it matches the object identifiers of the blocks of the 

10 file in which it is located. If the MID-dependent program determines that tiie OIDs of 
the blocks of its own file do not match the expected MID, then authentication fails 
because the failure to match indicates either that the MID has been tampered with, that 
the program has been ported to a machine on which it is not authorized, or tibat the 
MID has been regenerated without also generating a new program that embeds the new 

15 MID. The randomness involved in the process of allocating blocks for the file that 

stores the program makes it unlikely that a new MID generation process would result in 
allocating another file for the program having exactly the same object identifiers. 

A software-generated MID in accordance with the invention survives a 
warm boot, so long as the warm boot does not result in the removal of the file 

20 containing the MID-dependent program. A software-generated MID does not survive a 
cold boot. If a new MID is generated, the new MID will likely fail to match any 
previously generated MID. 

Other features of the invention are described below. 

25 BRIEF DESCmPTION OF THE DRAWINGS 



The foregoing summary, as well as the following detailed description of 
preferred embodiments, is better understood when read in conjunction with the 
appended drawings. For the purpose of illustrating the invention, tihere is shown in the 



MSFT-0669/171951.1 



4 



PATENT 



drawings exemplary constructions of the invention; liowever, the invention is not 
limited to the specific methods and instrumentalities disclosol. In the drawings: 

FIG. 1 is a block diagram of an exemplary computing environment in 
which aspects of the invention may be implemented. 
5 FIG. 2 is a block diagram of a system for creating a tamper-resistant 

MID in accordance with one embodiment of the invention; 

FIG. 3 is a flow diagram of a method for creating a tamper-resistant 
MID in accordance with one embodiment of the invention; and 

FIG. 4 is a block diagram illustrating the use of a random number 
10 generator to generate blocks with random object identifiers mto which an MID- 
dependent program may be installed in accordance with one embodiment of the 
invention. 

DETAILED DESCRIPTION OF THE INVENTION 

15 Overview 

By using an innate aspect of an Operating System (O/S) such as the in- 
memory Windows-CE operating system, an MID can be created that is unique and 
tamper-proof. The software creating the MID does not deterministically control the 
final value for the MID because the MID is dependant on a relatively random pre- 

20 existmg O/S state. MED-dependent software is created based on this state, and the 

xmlikelihood of re-creating this relatively random state makes it unlikely that the MID- 
dependent software can be ported to another device on which its use is not authorized. 
Exemplary Computing Environment 

FIG. 1 illustrates an example of a suitable computing system 

25 envkonment 100 in which the invention may be implemented. The computing system 
environment 100 is only one example of a suitable computing environment and is not 
intended to suggest any limitation as to the scope of use or functionality of the 
invention. Neither should the computmg environment 100 be interpreted as having any 
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dependency or requirement relating to any one or combination of components illustrated 
in the exemplary operating environment 100. 

The invention is operational with numerous other general purpose or 
special purpose computing system environments or configurations. Examples of well 

5 known computing systems, environments, and/or configurations that may be suitable 
for use with the invention include, but are not limited to, personal computers, server 
computers, hand-held or laptop devices, multiprocessor systems, microprocessor-based 
systems, set top boxes, programmable consumer electronics, network PCs, 
minicomputers, mainframe computers, distributed computing environments that include 

10 any of the above systems or devices, and the like. 

The invention may be described in the general context of computer- 
executable instructions, such as program modules, being executed by a computer. 
Generally, program modules mclude routines, programs, objects, components, data 
structures, etc. that perform particular tasks or implement particular abstract data types. 

15 The invention may also be practiced m distributed computing environments where tasks 
are performed by remote processing devices that are linked through a communications 
network or other data transmission medium. In a distributed computing environment, 
program modules and other data may be located in both local and remote computer 
storage media including memory storage devices. 

20 With reference to FIG. 1, an exemplary system for implementing the 

invention includes a general purpose computing device in the form of a computer 110. 
Components of computer 1 10 may include, but are not limited to, a processing unit 
120, a system memory 130, and a system bus 121 that couples various system 
components including the system memory to the processing unit 120. The system bus 

25 121 may be any of several types of bus structures including a memory bus or memory 
controller, a peripheral bus, and a local bus using any of a variety of bus architectures. 
By way of example, and not limitation, such architectures include Industry Standard 
Architecture (ISA) bus. Micro Channel Architecture (MCA) bus. Enhanced ISA (EISA) 
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bus. Video Electronics Standards Association (VESA) local bus, and Peripheral 
Component Interconnect (PCI) bus (also known as Mezzanine bus). 

Computer 1 10 typically includes a variety of computer readable media. 
Computer readable media can be any available media that can be accessed by computer 
110 and includes both volatile and nonvolatile media, removable and non-removable 
media. By way of example, and not limitation, computer readable media may comprise 
computer storage media and communication media. Computer storage media includes 
both volatile and nonvolatile, removable and non-removable media implemented in any 
metiiod or technology for storage of information such as computer readable 
instructions, data structures, program modules or other data. Computer storage media 
includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory 
technology, CDROM, digital versatile disks (DVD) or other optical disk storage, 
magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage 
devices, or any other medium which can be used to store the desired information and 
which can accessed by computer 110. Communication media typically embodies 
computer readable instructions, data structures, program modules or other data in a 
modulated data signal such as a carrier wave or other transport mechanism and includes 
any information delivery media. The term "modulated data signal" means a signal that 
has one or more of its characteristics set or changed in such a manner as to encode 
information in the signal. By way of example, and not Ihnitation, communication media 
includes wired media such as a wired network or direct-wired connection, and wireless 
media such as acoustic, RF, infrared and other wireless media. Combinations of any of 
the above should also be included within the scope of computer readable media. 

The system memory 130 includes computer storage media in the form of 
volatile and/or nonvolatile memory such as read only memory (ROM) 131 and random 
access memory (RAM) 132. A basic input/output system 133 (BIOS), containing the 
basic routines that help to transfer information between elements within computer 110, 
such as during start-up, is typically stored in ROM 131. RAM 132 typically contains 
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data and/or program modules that are immediately accessible to and/or presently being 
operated on by processing unit 120. By way of example, and not limitation, FIG. 1 
illustrates operating system 134, application programs 135, other program modules 
136, and program data 137. 

The computer 110 may also include other removable/non-removable, 
volatile/nonvolatile computer storage media. By way of example only, FIG. 1 illustrates 
a hard disk drive 140 that reads from or writes to non-removable, nonvolatile magnetic 
media, a magnetic disk drive 151 that reads from or writes to a removable, nonvolatile 
magnetic disk 152, and an optical disk drive 155 that reads from or writes to a 
removable, nonvolatile optical disk 156, such as a CD ROM or other optical media. 
Other removable/non-removable, volatile/nonvolatile computer storage media that can 
be used in the exemplary operating envnonment include, but are not limited to, 
magnetic tape cassettes, flash memory cards, digital versatile disks, digital video tape, 
solid state RAM, solid state ROM, and the like. The hard disk drive 141 is typically 
connected to the system bus 121 through an non-removable memory interface such as 
interface 140, and magnetic disk drive 151 and optical disk drive 155 are typically 
connected to the system bus 121 by a removable memory interface, such as interface 
150. 

The drives and their associated computer storage media discussed above 
and illustrated in FIG. 1, provide storage of computer readable instructions, data 
structures, program modules and other data for the computer 110. In FIG. 1, for 
example, hard disk drive 141 is illustrated as stormg operating system 144, application 
programs 145, other program modules 146, and program data 147. Note that these 
components can either be the same as or different from operating system 134, 
application programs 135, other program modules 136, and program data 137. 
Operating system 144, application programs 145, other program modules 146, and 
program data 147 are given different numbers here to illustrate that, at a minimimi, 
they are different copies. A user may enter commands and information into the 
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computer 20 through input devices such as a keyboard 162 and pointing device 161, 
commonly referred to as a mouse, trackball or touch pad. Other input devices (not 
shown) may include a microphone, joystick, game pad, satellite dish, scanner, or the 
like. These and other input devices are often connected to the processing unit 120 
through a user input interfece 160 that is coupled to the system bus, but may be 
connected by other interface and bus structures, such as a parallel port, game port or a 
universal serial bus (USB). A monitor 191 or other type of display device is also 
connected to the system bus 121 via an interface, such as a video interface 190. In 
addition to the monitor, computers may also mclude other peripheral ouq)ut devices 
such as speakers 197 and printer 196, which may be connected toough an output 
peripheral interface 190. 

The computer 110 may operate in a networked environment using logical 
connections to one or more remote computers, such as a remote computer 180. The 
remote computer 180 may be a personal computer, a server, a router, a network PC, a 
peer device or otiier common network node, and typically includes many or all of the 
elements described above relative to the computer 110, although only a memory storage 
device 181 has been illustrated in FIG. 1. The logical connections depicted in FIG. 1 
include a local area network (LAN) 171 and a wide area network (WAN) 173, but may 
also include other networks. Such networking environments are commonplace in 
offices, enterprise- wide computer networks, intranets and the Internet. 

When used in a LAN networkmg environment, the computer 110 is 
connected to the LAN 171 through a network interface or adapter 170. When used in a 
WAN networking environment, the computer 110 typically mcludes a modem 172 or 
other means for establishing communications over the WAN 173, such as the Internet. 
The modem 172, which may be internal or external, may be comiected to the system 
bus 121 via the user input interface 160, or other appropriate mechanism. In a 
networked environment, program modules depicted relative to the computer 110, or 
portions thereof, may be stored in the remote memory storage device. By way of 
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example, and not limitation, FIG. 1 illustrates remote application programs 185 as 
residing on memory device 181. It will be appreciated that the network coimections 
shown are exemplary and other means of establishing a communications link between 
the computers may be used. 
5 Software System and Method for Creating a Unique Machine Identiiacation (MID) 
FIG. 2 illustrates an exemplary system for creating a unique MID. In 
one embodiment of the invention, computer 1 10 is communicatively coupled to a 
remote computer 180. Computer 180 in this embodmient of the invention is a server 
from which may be downloaded MID-dependent software 222 that performs a device- 

10 dependent function, such as restricting data to use on a particular computing device 

110. For example, the data may be an encrypted electronic book having a commercial 
value, and MID-dependent software 222 may enforce the rule that the electronic book 
can only be decrypted and viewed on a particular device or set of devices. 

Computer 110 comprises a memory 130 and processing unit 120. 

15 Memory 130 may include an operating system 202, an available object identification 
file 206, a database 208, a random number generator 210, an MID generator 212, and a 
file 214 which, as described below, receives and stores MID-dependent software 222. 
In one embodiment of the invention, computer 110 is a handheld computer such as a 
Pocket PC device. 

20 In one embodiment of the invention, operating system 202 is the 

WINDOWS-CE operating system distributed by Microsoft Corporation of Redmond, 
Washington, although any suitable operating system may be used. 

File system 204 is a component of operating system 202. File system 
204 manages the storage of objects such as files, database records, and registry entries 

25 by assigning one or more memory blocks to each such entry. File system 204 assigns 
an object identifier (OID) to each stored object - i.e., each block of a file, to each 
database record, and to each registry entry. In a preferred embodiment, an OID is a 
physical memory address, representing the location in memory of the beginning of the 
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file block, database record, or registry entry at which the object having a given OID is 
stored. An MID in accordance witihi the invention may be derived from the OID values 
assigned to certain blocks in the manner described below. OID values are suitable for 
use as MID components because OID values are persistent across warm-boots, can be 
5 made relatively random, and can be queried by user software. Additionally, OIDs have 
the beneficial feature that if they are changed by user software, the operating system 
may crash due to the inability of the file system to correctly identify objects 
(necessitating a cold boot and the consequent generation of a new MID), thereby 
providing a measure of tamper-resistance to the MID. 

10 File system 204 maintams, or has access to, a list 206 of available 

locations 206a, 206b, ... 206x in memory 130 at which objects can be stored. A 
location in memory 130 is available if the location is not presently being used to store 
another object - i.e., if the memory location has not been used since the last cold boot, 
or if the memory location contains a de-allocated object whose location in memory 130 

15 has been marked for re-use. 

File system 204 also interacts with database 208. Database 208 stores 
and manages records 208(a)(1), 208(a)(2), ... 208(a)(«). File system 204 provides 
database 208 with memory blocks in which to store records. The memory blocks 
provided by file system 204 each have an OID that identifies where the record is stored 

20 in memory, as discussed above. Thus, record 208(a)(1) is associated with OID 
208(b)(1), record 208(a)(2) is associated with OID 208(b)(2), and so on. 

Random number generator 210 generates numbers according to a 
pseudo-random algorithm; such algorithms are known in the art and therefore are not 
discussed herein. As discussed below, random number generator 210 may be used to 

25 delete random records from database 208, thereby freeing random memory locations 
for the storage of new objects. These random memory locations will have 
correspondingly random object IDs as their addresses. A technique is discussed below 
whereby these random object IDs can be used to generate an MID. 
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MID generator 212 is a software module that generates a unique MID 
for computer 110. In order to create an MID, MID-generator 212 generally creates a 
file 214 having a predetermined number of blocks, and creates an MID based on the 
OIDs of those blocks (e.g., by concatenating the OIDs). The creation of the file occurs 
5 after the list 206 of available memory locations has been sufficiently randomized by the 
process described below, so that file 214 comprises randomly located blocks. Because 
file 214 is created during the process described in FIG. 3, file 214 is outlined with a 
1=5= dashed line in FIG. 2. The nature of file 214 is described in detail below in connection 

S with FIG. 4. An MID-dependent program 222 (received from server 180, as discussed 

10 below) may be stored in file 214 as described below. "MID-dependent program," in 
lU this context, means a program that is designed to perform its functions (e.g., the 

lS fimction of decrypting commercially-valuable encrypted content, in the example above) 

only in an environment identified by a particular MID. 
|y FIG. 3 is a flow diagram of a method for creating a tan^)er-resistant 

=C 15 machme identification in accordance with one embodiment of the invention. Briefly, the 

p 

i2 process is as follows. Following startup, computer 110 randomizes the list of available 

memory locations. In one embodiment of the invention, the list is randomized by 
creating a large "dummy" database 208 (i.e., a database with empty records), where 
the records that make up database 208 are later deleted at random to create randomly- 

20 located blocks of fi-ee space. The purpose of creating this dummy database 208 is to 
cause file system 204 to allocate a large number of memory blocks, although other 
techniques that cause a large number of objects to be allocated may be used (e.g., 
creating a large number of small files, creating a large number of registry entries, etc.). 
Random number generator 210 is then used to randomly delete database records (or 

25 whatever types of objects have been allocated). This random deletion of records (or 
other objects) causes random memory blocks (identified by correspondingly random 
object IDs) to be placed on the list 206 of available memory blocks. Preferably, a 
sufficient period of time is allowed to pass before using random number generator 210 
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to delete records, since the passage of time allows computer 110 to perform enough 
unpredictable operations to randomly seed random number generator 210; it wiU be 
appreciated, however, that other techniques may be used to help generate random seed 
data for random number generator 210 (e.g., having the user provide input and using 
5 the unpredictable time intervals between mput events). 

After a list of random available memory blocks has been created a file 
214 (shown in FIG. 2) of a specified size is created. The file is of the necessary size to 
store an MID-dependent program 222 (shown in FIG. 2). An MID is created based on 
the OIDs of the blocks that make up the file 214 (e.g., by concatenating the OIDs of 

10 those blocks.) The MID is then uploaded to server 180, which creates an instance of 
MID-dependent program 222 specially for the uploaded MID. MID-dependent program 
222 may perform functions related to the protection of secure content - e.g., decrypting 
protected content whose use is to be limited to a smgle machine or set of machines - 
although any type of software may be tied to an MID whether or not it performs 

15 security-sensitive functions. The MID-dependent program 222 is downloaded to 
computer 110 and stored in file 214. (The MID-dependent software fits in file 214 
because MID-dependent program 222 is of a predetermined size that is known at the 
time file 214 is created; while the exact content of program 222 may change based on 
the MID, in a preferred embodiment the size does not change.) MID-dependent 

20 program 222 has embedded within itself the MID of computer 110. The MID is 
preferably stored in an obfuscated maimer that does not require the MID's explicit 
representation within MID-dependent program 222. MID-dependent program 222 is 
made "MID-dependent" by including code that checks the embedded MID agamst the 
object identifiers of the blocks of file 214 in which MID-dependent program 222 is 

25 stored. Preferably, MID-dependent program 222 will fail to fulfill its purpose (e.g., 

will fail to decrypt protected content and will shut down) if the embedded MID does not 
match (or is not otherwise consistent with) the OIDs of file 214's blocks. Thus, any 
attempt to move MID-dependent program 222 to a different file location or a different 
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machine will likely cause verification of the MID to fail, since file blocks must be 
allocated by the operating system following a randomization procedure, and it is 
unlikely that file 214 would be recreated with blocks having the exact same OIDs as the 
ones used to create the MID that server 180 used to create a particular instance of 
5 program 222. 

The process of creating a tamper-resistant MID begins at step 402 with a 
cold boot. Since the MID of the present invention is designed to survive a warm boot, 
MIDs are generally created after the machine is started cold - i.e., from "power off." 
Following the cold boot, in one embodiment the system waits for a period of time. The 
10 reason for the wait is that the following step (405), as described below, involves some 
randomization using a pseudo-random number generator 210. If the system waits for a 
period of time following the cold boot before performing pseudo-random processes, it 
is likely that random events, computations, movement of data, etc., will have occurred 
that will increase the randomness m the seedmg of the random number generator 210, 
15 although it will be understood that other techniques (e.g., receiving user input and 
using the unpredictable time intervals between input events as random data) may be 
used to help randomize the seeding of random number generator 210. While the wait 
may occur for any amount of time (or not at all), it will be understood that die amount 
of time to wait represents a trade-off between the amount of randomness in the MID- 
20 generating process, and the amount of delay prior to generating an MID. 

At step 405, a list of available memory locations is randomized. The 
goal of randomizing the set of available memory locations is to ensure that die file 214 
that will later be created to hold MID-dependent software 222 will be located in a set of 
blocks having random object identifiers. One exemplary way of creating the list of 
25 random memory locations, as described above, is to create a dummy database 208 

having many records (e.g., records 208(a)(1) through 208(a)(5000)), and to use random 
number generator 210 to randomly select records for deletion fi:om that database. For 
example, if random number generator 210 selects the value "4" (reference numeral 
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302), the fourth record (reference numeral 208(a)(4)) in database 208 is deleted and the 
corresponding memory location 208(b)(4), (887765), is put on the list 206 of available 
memory locations, (reference numeral 306a), as shown in FIG. 4. The process may be 
repeated to select additional records of database 208 for deletion, thereby increasing the 
number of randomly-located memory locations that are available for allocation. The 
deleted records result in randomly scattered unallocated memory that can later be 
reallocated to file 214. It should be noted liiat the content of dummy database 208 is 
immaterial; the primary purpose for dummy database 208 is to randomize the set of 
available memory locations by deleting randomly located records from the database. 

At step 410, file 214 (shown in FIG. 2) is allocated which will store the 
MID-dependent software 222 (also shown m FIG. 2). Typically, the size of the MID- 
dependent software is known at the time the file is created. Thus, if it is known for 
example that MID-dependent software 222 is five blocks m length, then file 214 may be 
created with five blocks. Alternatively, the file may be created with more blocks than 
are needed to house the MID-dependent software, so that, for example, a sufficient 
number of blocks are always allocated to generate an MID. These five blocks are 
allocated from the list 206 of available memory locations (e.g., from the end of the 
list). Exemplary file 214, (FIG. 4) m one embodiment of the invention, comprises five 
blocks, 214(a)(1), 214(a)(2), 214(a)(3), 214(a)(4), and 214(a)(5), which have memory 
locations (and corresponding OIDs) taken from the end of the list 206, (e.g. 306a, 
306b, 306c, 306d, 306e respectively). 

At step 412, a machine identifier (MID) is generated based on the OIDs 
of the blocks in file 214. The MID may be created by concatenating together exemplary 
OID values 306a, 306b, 306c, 306d and 306e, by hashing or digesting those values, or 
by any other technique that creates an MID based on the OID values of the blocks in 
file 214. 

At step 420, file 214 is filled with MID-dependent software 222. In a 
preferred embodiment, the process of filling file 214 with MID-dependent software 222 
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comprises uploading the MID generated at step 412 to server 180, which creates a 
version of MID-dependent software 222 that has the uploaded MID embedded witiiin it, 
and then downloading the created version of the MID-dependent software to computer 
110 for insertion into file 214. The MID is embedded within MID-dependent software 
5 222 in the sense that software 222 is able to verify that the MID of the machine on 
which it is running is the MID for which the version of software 222 was created 
(although the MID is preferably obfuscated within software 222 rather than dkectly 
represented within that software, so that it cannot easily be viewed by the user of 
computer 110). As noted above, one example of MID-dependent software is software 

10 that decrypts encrypted content only if the content and the MID-dependent software are 
located on a machine that has a particular MID, although there are other examples. One 
action typically performed by MID-dependent software 222 is to check, during its 
operation, that the MID of tiie device on which it is running is the one embedded within 
software 222, since any contrary conclusion suggests an unauthorized attempt to port 

15 software 222 to another machine, or an attempt to tamper with the MID. As one 

example, if the MID is a concatenation of the OID block numbers 214(a)(1), 214(a)(2) 
... 214(a)(5) of file 214, then software 222 checks the embedded MID against the OID 
values of its own file block numbers concatenated together. 

Suppose, for example, that a user (e.g., user 1) of computer 110 

20 acquires MID-dependent software 222 fi-om server 180 by uploading the MID of user 
I's computer to server 180. Server 180 may return an MID-dependent program 222 
that is associated with MID (e.g., MID = "887765232243850848957406837565" to 
device 110. Verification program 222 may be associated with MID 
"887765232243850848957406837565" by appending the MID 

25 "887765232243850848957406837565" to the MID-dependent program 222, by 
encrypting MID-dependent program 222 using a key based on MID 
"887765232243850848957406837565" , or by other known methods. MID-dependent 
program 222 is tiien loaded into file 214 as described above. Suppose fliat user 1 
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allows user 2 to copy MED-dependent program 222 on user I's computer in an attempt 
to allow user 2 to access whatever data or service that MID-dependent program 222 
provides access to. When MID-dependent software 222 is copied from computer 110 
to user 2's computer (second computer), OID values from the second computer's 
5 available OID file will be assigned for the block numbers of the file into which MID- 
dependent program 222 is copied on the second computer. When the copy of MID- 
dependent program 222 on user 2's computer checks to see if the OIDs of the blocks in 
which user 2's copy of MID-dependent program 222 is stored match MID 
"887765232243850848957406837565", the verification process fails because block 

10 verification program 222 will not be located at the same location in memory on the 
second computer as it was in computer HQ's memory, hence the MID the MID- 
dependent program 222 expects, "887765232243850848957406837565" will not match 
the OIDs in its own file and authentication fails. 

Similarly, altering the file OIDs for the MID-dependent program 222 is 

15 likely to cause operating system 202 to crash, because the OIDs are typically memory 
addresses, and changing them results in the changed blocks being untraceable by the 
file system. 

It will be noted that the MID and MID-dependent software 222 created 
according to the technique described above in connection with FIG. 4 has the following 
20 features: 

• The MID is based pardy on random processes, so that running the 
same software two different times is unlikely to generate the same 
MID. 

• The MID is dependent on a feature of the state of the operating 

25 system (i.e., the location/OID) of certain file blocks, which makes it 

difficult for a user to change the MID without disrupting (and 
possibly crashing) the system. 
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• The MID-dependent software is tightly bound to the location in 
which the MID is stored, since the MED is based on this location and 

the MID checks its own location against the MID prior to performing 
actions that should take place only on a device having a particular 
MID. 

• The MID survives a warm boot, so long as the warm boot preserves 
the location of objects in storage (or preserves any other state of the 
system on which the MID may be based). 

• If the system is cold-booted (i.e., booted from "power-off," or in a 
manner that clears storage locations), the randomness in the MID- 
generating process makes it highly unlikely that tiie same MID will 
be recreated. 

The programroing necessary to effectuate the processes performed in 
connection with the present invention is relatively straight-forward and should be 
apparent to the relevant programming public. Any particular programming language or 
methodologies may be employed to effectuate the present invention without departing 
from the spirit and scope thereof. 

In the foregoing description, it can be seen that the present invention 
comprises a new and useful mechanism for creating a machine identification through 
software. It should be appreciated that changes could be made to the embodiments 
described above without departing from the inventive concepts thereof. It should be 
understood, Uierefore, that this invention is not limited to tiie particular embodiments 
disclosed, but it is intended to cover modifications within the spirit and scope of the 
present invention as defined by the appended claims. 



